<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ page import="java.sql.*" %>
<%@ include file="common.jsp"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
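<%
	/*
	 * Login handler. Reads "username" and "password" from the request, looks the
	 * user up in the `user` table and redirects to index.jsp on success or back
	 * to admin.jsp on failure. The outcome is reported through the session
	 * attribute "userid":
	 *   <UserID>  login succeeded ("email" and "fullname" are set as well)
	 *   "0"       the user exists but the password does not match
	 *   "-1"      no such user, or no username was submitted
	 *   "-2"      driver or database error
	 *
	 * NOTE(review): the distinct "0" / "-1" codes let a client tell existing
	 * accounts from unknown ones if admin.jsp renders them differently; confirm
	 * that it shows one generic failure message.
	 */
	String username = request.getParameter("username");
	String password = request.getParameter("password");
	String target = "admin.jsp";

	Connection cn = null;
	PreparedStatement smt = null;
	ResultSet rst = null;
	try {
		if (username == null) {
			// No username submitted: report it as an unknown user without touching the database.
			session.setAttribute("userid", "-1");
		} else {
			Class.forName("com.mysql.jdbc.Driver");
			// NOTE(review): the connection uses hard-coded root credentials; move them to
			// container configuration (e.g. a JNDI DataSource) and use a least-privileged
			// account that can only read the user table.
			cn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/banhang", "root", "root");

			// The session keeps the quote-doubled form that earlier versions of this page
			// stored, so pages reading "username" see the same value as before.
			// replaceString is not defined in this file (presumably it comes from common.jsp).
			// NOTE(review): any page that prints this value must HTML-escape it.
			session.setAttribute("username", replaceString(username, "'", "''"));

			// Bind the user-supplied value as a parameter instead of concatenating it into
			// the statement: quote doubling alone is not a complete escape for MySQL string
			// literals, so the lookup must not depend on it.
			smt = cn.prepareStatement("select * from user where UserID = ?");
			smt.setString(1, username);
			rst = smt.executeQuery();

			if (rst.next()) {
				String userid = rst.getString("UserID");
				String pwd = rst.getString("Password");
				String fullname = rst.getString("Fullname");
				String email = rst.getString("Email");

				// NOTE(review): the Password column is compared as plaintext. Store a salted,
				// slow password hash (bcrypt, scrypt, Argon2 or PBKDF2) and verify against that.
				if (pwd != null && pwd.equals(password)) {
					// NOTE(review): the session ID is not rotated after a successful login;
					// on Servlet 3.1+ call request.changeSessionId() here to prevent session
					// fixation (on older containers, invalidate and recreate the session).
					session.setAttribute("userid", userid);
					session.setAttribute("email", email);
					session.setAttribute("fullname", fullname);
					target = "index.jsp";
				} else {
					/* wrong password (a NULL stored password never matches) */
					session.setAttribute("userid", "0");
				}
			} else {
				/* unknown user */
				session.setAttribute("userid", "-1");
			}
		}
	} catch (Exception e) {
		/* connection / driver / query error */
		// Log server-side only: printing the exception into the response would expose
		// driver and schema details to the client, and writing output before a redirect
		// can make sendRedirect fail once the response is committed.
		application.log("Login lookup failed", e);
		session.setAttribute("userid", "-2");
	} finally {
		// Release JDBC resources on every path, including errors, so failed logins
		// cannot exhaust database connections.
		if (rst != null) {
			try { rst.close(); } catch (SQLException ignored) { application.log("Closing ResultSet failed", ignored); }
		}
		if (smt != null) {
			try { smt.close(); } catch (SQLException ignored) { application.log("Closing Statement failed", ignored); }
		}
		if (cn != null) {
			try { cn.close(); } catch (SQLException ignored) { application.log("Closing Connection failed", ignored); }
		}
	}
	response.sendRedirect(target);
%>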
</body>
</html>